Geoff Swaine, CrowdStrike | CrowdStrike Fal.Con 2022
>>We're back with theCUBE at Fal.Con 2022, Dave Vellante and Dave Nicholson. We're at the Aria. We do, of course, a lot of events in Las Vegas. It's the place to do events. Dave, I think it's my sixth or seventh time here this year, at least. I don't know, I lose track. Geoff Swaine is here. He's the vice president of global programs, store and tech alliances at CrowdStrike. Geoff, good to see you again. We saw each other at re:Invent in July in Boston.

>>Yes. Yeah, it was great to see you again, Dave, thank you very much.

>>And we talked about making this happen, so thrilled to be here at CrowdStrike Fal.Con. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR?

>>Well, I hope you were paying attention to George's keynote this morning, I guess. You know, the one thing we know is that if you ask 10, five people what XDR is, you'll get 10 answers.

>>I like this answer: a holistic approach to endpoint security. I, that was,

>>It was good. Simple.

>>That was a good one at Black Hat. So, but tell us about the XDR Alliance partners program. Give us the update there.

>>Yeah, so I mean, we spoke about it at re:Inforce. You know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks in trying to bolster that environment, specifically putting a lot of focus on firewall. You'll see that Cisco and Fortinet have both joined the XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of information that we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases.
So firewall is one, CASB is another, email's another, and we're building out the partner set right across the board. So it's been a great set of activity.

>>So it's partners that have data. Yep. There's probably some, you know, Joe Tucci, your old boss, used to say that overlap is better than gaps. So sometimes there's competition, but from a customer standpoint, overlap is better than gaps. So, as you mentioned, Cisco, Fortinet, and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right.

>>Augmented by people as well, which is a really important part of our value proposition. You know, it's not just relying purely on AI, but we have a human aspect to it as well to make sure we're getting extremely accurate responses. And then the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud, is a really important, easy action for our customer to take. That's highly valuable.

>>You're talking about your threat hunting capability, right?

>>So it's threat hunting and our intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable decisions.

>>Intel being machine intelligence or human and machine?

>>Human and machine intelligence that we have. We have a whole business that's out there gathering intel. I believe you think to Adam Meyers, who runs that business. And you know, that intel is critical to making good decisions for our customers.

>>So the X in XDR is extended, correct? Extending to things like firewalls, that's pretty obvious in the security space.
Are there some less obvious data sources that you look to extend to at some point?

>>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that space. And we'll grow that as we go. I think one of the really exciting additional elements is the OCSF announcement that we made at re:Inforce, which also is a shared data schema across a number of vendors as well. So talking to Mike's point, Mike Sentonas's point this morning in his keynote, it's really about the industry getting together to do a better job for our customers. And XDR is the platform to do that. And CrowdStrike's way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in that space.

>>Well, Kevin Mandia referenced this too today, basically saying the industry's doing a better job of collaboration. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But you're talking about, you know, some of your quasi-competitors, cooperatives, you know, actually partnering with you now. So that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on Wall Street. Everybody wants to talk about the macro, of course, for obvious reasons. We just published our Breaking Analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit.
We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market, better than tech broadly. Yeah. So in that case it would suggest that cyber investments are somewhat non-discretionary. So that is my question: are cyber investments non-discretionary? If so, how?

>>You know, I think George calls that out directly in our analyst reports as well, that, you know, we believe that cyber is a non-discretionary spend, but I actually think it's more than that. I think in this current macroeconomic environment where CIOs and CSOs are being asked to sweat their assets for a significantly longer period of time, that actually creates vulnerabilities because they have older kit that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the investment to replace those servers. We have to sweat them for a little bit longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only does it make it non-discretionary, it actually increases the business case for taking on a cyber project.

>>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about risk reduction, right? It's about reducing expected loss. But at the same time, CISOs don't have an open wallet. They have to compete with other P&L managers. I also think the advantage for CrowdStrike, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do, handle, I think you're up to 22 modules now, correct? Yes.
I've got questions on how you keep that lightweight, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that SecOps teams face, that strengthens the ROI as well.

>>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the IT ops team as well, being able to give the IT ops team visibility on how many assets they have. I mean, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? Sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them where the assets are, where the vulnerabilities are against those assets, and help IT ops do a better job as well as SecOps. So the case strengthens, as you said. The CSO can also be talking to the IT ops budget.

>>The edge is getting more real. We're certainly hearing a lot about it now. We're seeing a lot more, and you kind of got the near edge, like the Home Depot and the Lowe's, you know, stores. Yeah. Okay. That I can get a better handle on. Okay, how do I secure that? I've got some standards, but that's the far edge. It's the OT, yes, piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far-flung estates?

>>I think this gets back to the question of what's new or what's coming and where do we see the next set of workloads that we have to tackle? You know, when we came along, first instance, we were really doing a lot of the on-prem and known cloud infrastructure suites. Then we started really tackling the broader cloud market with tools and technology to give visibility and control of the overall cloud environment.
OT represents that next big addressable market for us, because there are so many questions around devices: where they are, how old they are, what they're running. So visibility into the OT network is extremely important. And, you know, the wall that has existed again between the CISO and the OT environments is coming down. We're seeing that closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon Discover product to be able to receive and understand device information from the OT network and bring it into the same console as the, the IT and the OT in the same console, to give one cohesive picture of visibility of all of our devices, is a major step forward for our customers and for the industry as well.

>>And we see that being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR, and then beyond that, there's, you know, all the other things that CrowdStrike do so well. But this is the first step. Really the first step on control is visibility. And

>>The OT guys are engineers. So they're obviously conscious of this stuff. It's more, again, you're extending that culture, isn't it?

>>Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an endpoint. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections. Yeah. Every time I went to the grocery store, I wouldn't be happy as an endpoint, as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward.
Do you see that as your role, reducing friction 1%,

>>That's again one of the core tenets of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off, and watching the scanning happen, you know, old school virus scanning happening on the laptop, and that executive not making it because, and he is like, in this day and age, how can we be holding people back with that much friction in their day-to-day life? So that's one of the, again, founding principles of what we do at CrowdStrike, was the security itself needs to support business growth, support user growth, and actually get out of the way of how people do things. And we've seen progression along those lines. I think the zero trust work that we're doing right now really helps with that as well.

>>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the checkpoint approach of stop here, now let me see your credentials. Stop here, let me see your credentials. Because we have a full field of knowledge and information on what the device is doing and what the user is doing, we're able to then do the trust with verify style approach.

>>So coming back to the edge in IoT, you know, bringing that zero trust concept to the edge, you've got IT and OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder, doesn't it? So talk about how you resolve that.
Do the concepts that you apply to traditional IT endpoints apply at the edge?

>>So first things we have to do is gain the visibility. And so the way in which we're doing that is effectively drawing information out from the OT environment by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad. Whilst we're doing that, obviously we're also working on building specific sensors that will then sit in OT devices down, you know, one layer down, from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us. It means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're in the process of doing.

>>Are the IOA signatures, indicators of attack, so I don't have to throw a dollar in the jar, are the IOA signatures substantially similar at the edge, or

>>I think we learn as we go. You know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there.
But what we will see is that, you know, as someone's trying to, there's an actor, you know, making an attack, you know, we'll be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off. In the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. Is the valve open or is the valve closed? Is the production line running or is the production line not running? So we need to be able to see that. It's more about protecting the outcomes there as well. But again, you know, it's about, first, we have to get the information. That's what this product will help us do: get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action.

>>But the key point is the architecture will scale. And that's where the cloud native thing comes into.

>>Yeah, it'll scale. But to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when, you know, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old. A lot of those critical devices that need to be sensed, that are controlling our electrical grid, for example, a lot of those things need to be updated. So as you're pushing into that frontier, are you, you know, extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work.

>>And that's what we're seeing, is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some simple things like removing the air gap from certain systems, because now we can build a system around it that's trustable and supportable. So now we can get access there over a network, over the internet, to kind of control a valve set that's down a pipeline or something like that. So there is willingness within the ecosystem, the IoT provider ecosystem, to give us access to some of those controls, which wasn't there, which has led to some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big rocks lie. And so we will continue to do that based on customer feedback, again, on what we see.

>>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of

>>Mostly because there was no way to do before. Right. So it was, was like black

>>Connectivity is

>>So it was, people felt more comfortable sending an engineer route to the field. Truck roll. Yeah, yeah, yeah. To do it rather than, expensive, rather. And exactly that, again, going back to our macroeconomic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there's a lot of customer demand for change, and we're engaging in that change. And we see a huge opportunity there.

>>Coming back to the XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that?

>>So the Alliance itself has been fundamental in terms of now where we go with the overall platform.
We are always constantly looking for customer feedback on where we go next, on what additional elements to add. The Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms into, you know, what we do. And they're seeing the value of it. I feel that over the next, you know, two year period, we're gonna see our XDR Alliance and other XDR alliances growing out to get to each other, and they'll touch each other. We will have to do it like the OCSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike, protecting the customer's the mission of CrowdStrike. So I think that's core to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've got a pipeline of literally hundreds of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer.

>>Geoff Swaine, thanks so much for coming back in theCUBE. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching. Dave Nicholson and Dave Vellante, we'll be back right after this short break. You're watching theCUBE from Fal.Con 22 in Las Vegas, right back.
Do you see that as your role, reducing friction? >>100%, that's again, one of the core tenets of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and trying, and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support user growth, and actually get out of the way of how people do things. And we've seen progression along those lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't want to see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so that we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials stop here. And let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge and IoT, you know, bringing that zero trust concept to the, to the edge you've got, you've got IT and OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that.
Do the, do the concepts that you apply to traditional IT endpoints apply at the edge? >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indications of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific sensors that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're in the process of doing >>Are the IOA signatures, indicators of attack, so I don't have to throw a dollar in the jar, are the IOA signatures substantially similar at, at the edge? I think >>We learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there.
But what we will see is that, you know, as someone's trying to make, if there's an actor, you know, making an attack, you know, we'll be able to see how they're affecting each of those end points individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do. Get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. That's where the cloud native things >>Comes into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things, right? Because some of the old stuff will never work. 
>>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems, because now we can build a system around it, that's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is a, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of, >>I see. Because there was no way to, to do before. Right. So it was, was like >>Lack connectivity is, >>Yeah. So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want to see a huge opportunity there >>Coming back to the XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add. 
The, the Alliance members have video this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like this O project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Geoff Swaine. Thanks so much for coming back in theCUBE. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave Vellante. We'll be back right after this short break. You're watching theCUBE from Fal.Con 22 in Las Vegas, right back.
Geoff Swaine, CrowdStrike | AWS re:Inforce 2022
>>Hi, everybody. We're wrapping up day two of AWS re:Inforce, theCUBE's continuous coverage. My business partner, John Furrier, and co-host is actually in Monaco, um, you know, getting ready to do a big crypto show over there. So they'll be reporting from there tomorrow. Check that out on thecube.net. Geoff Swaine is here. He is the vice president of global programs store and tech alliances at CrowdStrike. Geoff, thanks for coming on. Thanks >>David. >>So tell us about your role, what store, help us understand that? >>Yeah, so CrowdStrike has a CrowdStrike store, which is, uh, effectively our marketplace within our application, and also available externally that allows customers to be able to review, decide and trial products, not only from CrowdStrike, but also from our third party partners. So wherever we have a tech Alliance customer can come in, see the value of the integration, see how it works on our platform and the third parties platform, and then go and request a trial. So it's a very easy and dynamic way for a customer to understand that joint value proposition CrowdStrike has with various other, other vendors and our own products as well. >>So your role is to bring all these cool tech companies together and create incremental value. >>Yes. Um, we believe that the ecosystem is really a, a natural evolution of what's happened in terms of the CrowdStrike story. If you think that we started out with a, uh, you know, a very simple product in the very early days, 10, 10, 11 years ago, services company built a product. That product then became a platform with various modules in it. The next evolution of that is expanding out beyond our own platform and working into other areas of, of, of interest and value. So that's where the ecosystem comes into play. So you have to underpin that with some automations things like marketplaces and stores, you have to have integrations in place, joint applications and commercial vehicles to make that work.
>>So I was walking around the other day and I, and it caught my eye and I sat there and listened for a better part of the presentation had to get back and do theCUBE, but it was a presentation between a CrowdStrike expert and an Okta expert. Yep. You know, better together was the whole thing. And, you know, I know it's kind of, and then they were describing how you guys complement each other. So that would be an example, >>A perfect example. I mean, we, we, we complement Okta and Okta complements us for very, in various different ways. And in fact, we sort of assemble that into different narratives that work well for our customers. So as an example with Okta, we ASEM, we work very well with them in zero trust. So we have a zero trust narrative that talks about how it works with Okta and also Zscaler. In fact, we have a, um, an alliance through the Cloud Security Alliance where we're working to build practitioner guides, build, um, uh, a community of value across the different products to bring zero trust into some standardized, you know, uh, reference architectures and some standardized training that brings all of our products together for, for, for the user. That'd be an example of a, of, one of the narratives that we have, they'd also play in our XDR narrative. Obviously XDR helps us bring telemetry in from different products. And again, we use XDR right across, you know, various, various, uh, tech >>Alliances. So, so take zero trust. So you'll take the concept of least privilege. Yep. And you'll apply that to what, to endpoint, to, you know, using identity Zscaler, you bring the cloud component. >>Correct. So then we are actually able to see how someone's traversing the entire organization. We can see who they are. We can see where they land. We can see what data they're accessing, where they're accessing.
It gather a whole bunch of different telemetry around that and provide the security team with the ability to be able to see what someone's doing, enforce the, um, the, you know, access rights as, and where they need to see any anomalies or anomalous behavior within that and close it down before anything bad happens. So zero trust is a really important part of our, uh, of our, of, of, of our, um, narratives. >>And you have these plays or narratives with, with a bunch of ecosystem partners. Right? Correct. Mean, so take log management. >>Yep. >>Maybe add some context that, >>So, so around that happens, you may know we acquired, um, uh, Humio, uh, right around that, where obviously we have to be able to ingest and have bridges out to a large variety of different platforms to be able to ship data into our platform. I mean, one of the values of Humio is its ability to massively scale, um, and very, very easily cheaply bring, bring a lot of data into a simple place and have very fast searching. Well, what are you searching? You gotta go and have data sources. So, you know, very quickly we've built out a large number of integrations with, I think, over 30 partners to easily bring data into the Humio platform to let customers be able to have that advantage. >>So what role does AWS play in all this? >>AWS is a fantastic role in, um, both coordinating some of this in terms of, especially through the marketplace, the ability to, uh, coordinate our transactions between us and help us work together from a transactional basis, help the customer procure the right solutions together. But also AWS's nature. Natural, uh, inclination towards innovation means that they'll, they like to work with partners who, especially partners who are on their platform to drive a lot of innovation, to build out how customers are bringing more data together. Obviously it's beneficial to them in terms of the volumes of data that go computers that go across the AWS platform.
But also they encourage us to work together. They, they, they say in some cases invest in those integrations. Um, they work with programs. They bring in third party reseller programs, uh, through C P O. So it gives us a, a platform gives us innovation. It gives us some structure. Um, it's been really exciting working with them. >>Now talk about CrowdStrike and your cloud strategy. How would you Des describe your cloud strategy? >>So we've been cloud native from day one. It's one of the, one of the founding principles of CrowdStrike. Um, as, as we were set up, uh, by a founder, so two elements, cloud native, and a single agent, and those two design principles have not been broken by us at any point through our history. It's very important that we, we stick to those two principles. Our cloud is, um, was born in AWS, um, and they've been supportive of us right through, right through our growth period. So we started out with one module, as I said, now we have, I think, 23 different modules and we're continually growing that. We also then have a lot of support for the cloud. So, you know, helping us understand what's happening within cloud environments so that our customers are better protected. In fact, the show here, we've announced two separate, um, uh, uh, incremental products to, to the cloud space. One that's very much focused on, um, adding, uh, better container or better visibility inside containers in our CNA product. And, um, and, and another area around how we do our threat hunting across the cloud. So we have a team of threat hunters, global best engineers who hunt right across our customers environments. We have a whole, whole bunch of additional cloud telemetry. So that's, that's been included into our, into our Overwatch threat hunting. >>So you'll ingest data from multiple clouds, right? You're running on AWS. Yes. But you can take data from anywhere from >>Anywhere, >>Including OnPrem. 
>>Um, so our sensor sits on laptops, servers, virtual servers devices. Do I devices wherever they need to say. Um, and then of it needs to be cloud connected. It comes into our, into our cloud. So we can, we can take information from instances in any cloud environment and any laptop, uh, to pretty much bring them in. And, uh, that's how it works, but it's a single cloud. I mean, our value proposition is that huge, um, uh, graph threat graph that we've built over the years, um, trillions and trillions of events per day, that we're now searching and using AI technologies to suite out. What's good. And what's bad. >>Yeah. So CrowdStrike, obviously we've reported on CrowdStrike in breaking analysis, a lot, CrowdStrike, Zscaler, Okta, a number of other, those, those companies you're partnering with all those guys, which is quite interesting. Yeah. You're all growing, you know, really nice, nice clips. I wonder, I always wonder in these situations, okay. As things get bigger and bigger and growth slows, we haven't seen that. See, you actually see the, we saw the cloud growth accelerating during the pandemic. Yeah. Right. But, but you know, you wonder, you see it all the time in this, in this industry is companies get big, they start doing M and a, they start getting it to adjacencies, you know, Google, apple, you know, uh, Cisco VMware, do you think you'll ever see a collision course with all these wonderful partners? Are we years away from that? Um, >>I think we're very careful with how we partner and who we partner with. Obviously we, we have discussions on what our future plans are to make sure that what we partner on is, is beneficial to both sides. Um, crowd strike itself. We're, we're growing all the time. You know, our platform has grown, as I said, the modules have grown, but in general, we've found is that our partners are taking the journey with us. 
Um, it's one of the advantages of, of the success that we've had is most of the partners want to be part of that journey rather than sort of, um, trying to go head on. But, you know, there's always opportunities for us to have open conversations and real dialogue to make sure that we do the right thing for the customer. And that's what drives everything that we do, you know, we're focused on the right products for the right >>Customers. What, what what's reinforcement like, what's the experience been? What, what's your takeaways from the show? >>Um, it's been a really excellent show for us in terms of, uh, getting out, meeting a lot, a lot of customers at a very decent senior level here. Actually's been very, very worthwhile. Um, we've had great response to the announcements that we've made. There's been a lot of, lot of activity through the booth, which is always great to see, um, from a, actually from a partnership perspective from my world, you know, I've had a large number of really great meetings with the AWSs leadership as well about what we can do together. Um, and the future looks really bright. >>Who's the, when you, when you think in thinking about, and I know you're not, you know, selling direct, but when you think about the constituencies, when you think about all the, the partners in your ecosystem that you're, you're building and collaborating with, who do you guys collectively talk to? You know, who do you appeal to? Is it the CISO? Is it the, you know, other security practitioners? Yeah. Is it the line of business? Is it the CIO architect who are the actors that you're sort of collaborating with in your customer >>Side? Yeah, it's really interesting obviously, cuz there's different personas depending on what it is that we're doing. Um, someone who's really interested in our log management narrative for example, is probably going to be maybe from the, the DevOps, um, uh, team or from, from that area for a C app. 
It's going to be someone in the cloud architecture, cloud security architecture space. Um, zero trust again will be someone who's got a bit of an identity, our area and privacy to them as well. Um, a lot of this comes up to the CISO and that's often our, you know, our, our, our economic buyer would be in that space. But one of the things we have to do as we go into adjacent markets is learn the personas there and understand their habits and their buying cycles and, and, and build value propositions that work for those people. So it's an ongoing exercise. >>How do you see the CISO role evolving, uh, given, you know, cloud? One of my takeaways from Mr event is like, I feel like cloud is becoming the first line of defense. Mm-hmm <affirmative> the CISO and the developers becoming the second line of defense audit is like the third line of defense. Some people agree with that. Some people do so just merit bear said, no, no, it's all integrated into one thing. And I'm like, no, it's not, but okay. Yeah. But, but how is the CSO role evolving given that the cloud is becoming so much more prominent today? >>I think it's it's at this point, everyone said, you know, the CSO needs to evolve to being a direct member of the directly responsible to the board. This is something that we've all said for many years. Sure. If you look at what we see in the threat report, if you look at what we're seeing from the threat landscape, you know, the volume of threats that are coming through, not diminishing in any way, but in fact, the size and the impact of what they're doing is getting worse. So it, the risk that's being, um, uh, uh, that's being experienced is just getting worse all the time. However, we have different options for resolving that issue. You can go down a services led path with a, with an MDR player, like our Falcon Complete, uh, process, or you can go down with an MSP.
So the CISO's role is now not just on what products and how to Def, how to use them to best defend, but also what products, what services are available. >>What am I gonna invest in, in my team versus what am I going to push to a, to a, to a third party to look after for me? And we're seeing more and more companies at the going up the light up the, the, the enterprise stack, trusting us in our Falcon Complete team, um, uh, with, with, with parts of their defense portfolio. So I think that role that you, you know, the CISO's role is developing all the time into something that's portfolio oriented. How am I getting value for service as well as value for money from products? It's a really interesting, it's really interesting development, um, in terms of what they have to deal with. Uh, you know, I still think that the, the visibility that you see from the endpoint is where's where it's where the, the crown jewels are still it's where the data is. Mm-hmm <affirmative>. Um, and I think that's really why CrowdStrike is a unique proposition in that space. It's what >>We protect. So when you say the endpoint is where the data is, paint a picture of that. >>Well, if you think about, if a, if an actor is after at a personal information or IP, they're often going to be going down to the laptop or the, or the, or the virtual instance level to look for that within the weakest part, we've always said is people, um, and the more dive, the more open you are with that, the wider your audience there, the, the more risk you carry within that space, you know, we don't think endpoints laptops or phones, you know, servers, um, compute instances inside the cloud. They're all endpoint to us. Workloads is a better word. In fact, >>Those work, sorry, what's a better word? >>Workloads >>Workloads. >>Okay. Yeah. We often talk about workloads rather than >>Is it data store and >>Endpoint? Yeah.
If it's computer or not, it's, it's, it's basically, uh, it's a workload where, where we can put a sensor. How >>About a, how about a backup corpus, uh, a backup backup corpus of data? >>Well, I think if there's a, if there's a place that we can put a sensor on it to see whether it's being, you know, active or not, and we can track the telemetry from it, we would consider >>That sensor would be an agent. Yeah. An agent. Yeah. Yeah. Okay. And so you said single agent, >>We have one agent that runs all of our products this way, again, one of the design principles and, and the basics of our company, >>Because one of the things that we've seen, maybe tell me if you don't see this, is, is that a lot of times ransomware attackers will go after the, the, the backup corpus mm-hmm <affirmative> disable it. Yeah. Because, you know, once you get that, you can't recover a hundred percent. Yeah. And they'll encrypt the, all the data on the network, and then they'll, they'll hold the backup corpus hostage. >>This is one of the great advantages of how CrowdStrike and how our platform works. In fact, you know, um, a lot of other vendors talk in terms of, uh, you know, known bad known good, and, and, and indicators of compromise. Right. You know, I know this IP address has been compromised. I know that anything originating from here is bad. Um, what CrowdStrike looks at is, is, is we've built up a very, very, um, substantial, uh, library of what we call indicators of attack. Indications of attack are looking at the potential for attack. And whether, whether that in conjunction that specific piece of telemetry in conjunction with others makes the attack more likely. So for example, if someone, um, opens an email, we don't think that's necessarily, you know, a, a, a risk point, right. 
Um, but if someone opens an email and they click on an attachment, we think, well, maybe there's, there's, you know, that's happens billions of times a day, so still not bad, but if that then spins up, you know, a process, and if that process then starts to enumerate hard drives and start to look for backups, you know, we're getting more suspicious all the time. >>Um, and if they're then cause an encryption routine, we can be pretty certain at that point that what we've got in play is, is ransomware attack. Um, by looking at the holistic attack, the whole process of it, and having that sort of fingerprint of what that may look like. And in combining that with our knowledge of bad actors, our intelligence in the field, we've got a very good view on what may happen there. So exactly to your point, if we see, um, someone going after backups as part of a wider process that helps us identify that something of something bad is, is about to happen in terms of ransomware attack allows us to take action against it, put in the appropriate containment or blocking, >>And then explain. So, you know, when people hear agents, they're like, oh, another agent to manage, but I was talking to somebody the other day and saying, know, we're gonna integrate with the CrowdStrike agent because it's so robust. Correct. And what we are doing is, which is agentless is it's good, it's lightweight, but we can't get the data. Yep. You know, so explain that. So there's a trade off, right? I mean, you gotta manage an agent, right. But obviously it's working, your customers are, are adopting. >>So it's an extremely lightweight agent. That's always been the, the premise for this. And I think when George founded the company, one of the things he noticed was, you know, how long it was taking for someone to scan it, get us, get through a scan while they were trying to get an email out before a plane took off. And he said, you know, we can't have this. 
So, so he was looking at how do we make this as light as possible? Um, and, uh, and so that's one of been principle for us, right from day one. And you're right. Um, third parties do want to leverage our agent because of its robustness. We look at pretty much everything that's happening as a telemetry event, once, once power hits the CPU through, till it drops out. So we've got very rich knowledge of what's happening on every single device or, or workload that's out there. >>And it's very usable for other people, as far as the customer's concerned, if a third party can use that information rather than have to deploy another agent, that's a huge win for the customer. I think we all know that proliferation of agents, Harrison, that's what, that was the old way of doing things. You know, people would acquire products and try and bundle 'em together and what they ended up with multiple agents competing for resources on the, on the system, by having one agent well defined, well architected, what we have is a modern, a modern software architecture to solve modern problems. >>Okay. So, uh, last question. Yep. When during the pandemic, we noticed that the, um, everything changed, obviously work from home remote work, and that the implications on the CISO were these permanent changes. And we reported on this and Breaking Analysis and other except endpoint, uh, you guys CrowdStrike, uh, uh, identity Okta got a boost, uh, cloud security, Zscaler. Yep. You know, got a boost, rethinking the network network. Security became top of mind that, and that we said is these are permanent changes, but now as we exit, but they were rushed as we exit the isolation economy. What can we expect going forward? >>I think to earlier point the ability for us to work across all of those areas and work better, you know, everyone was very much concentrating on delivered their own product as best as they could, as quickly as they could to meet the demands of the pandemic. 
Now we can go through a place of making sure that we work really, really well together as different units to solve the customer problem. So trim some of the trim trim, some of the, of, of, of the, the fat out of any integrations that we may have built quickly to solve a problem. Now we can focus on doing it really well. What we're seeing is a proliferation in our world of more applications in our store. So tighter integration inside our UI with our third party products, um, and a lot of demand for that. So really the, the customer experience is as seamless as possible. We talk about, you know, frictionless is what we want to see. Um, and that's, you know, the boost that the, the, the disruption got from the pan from the pandemic was fantastic start of the innovation. Right now, we have the opportunity to bring everything together, to really solve some excellent problems for customers, um, and make the world safer place. >>Geoff, great summary. Thank you for coming on. I'm gonna, I'm gonna give my quick take on, on this re:Inforce. I mean, I think very clearly AWS is, is enforcing the notion that that security is, is job one for them from the, the Nitro chip, you know, all the way up the stack all the way through the culture. I mean, I think we heard that at, at this event. Um, I think you heard, you know, some great announcements, a lot of the stuff around, you know, threat detection and, and, and automation and, and, and reasoning, which is great. I don't think you heard a lot on how AWS are making the CISO's life simpler. I think a lot of that goes to the ecosystem. Mm-hmm <affirmative> maybe, uh, but the other thing is AWS leaving a lot of room, a lot of meat in the bone, as we like to say sometimes for the, for the ecosystem. >>Mm. Um, you know, security is a good example. I mean, you know, Microsoft makes a lot of money and security. AWS doesn't make a ton of money in security. It's just sort of comes with it. 
I think we're also seeing the changing role, the CISO, I think the cloud is becoming the first line of defense, CISO and developers. The next line audit is really the third line and developer. The developer role is becoming increasingly important and, and frankly sophisticated, they gotta worry about securing the containers. They gotta worry about the run time. They have to worry about the platform as a service. And so, you know, developers need the team with the, with the, with the security operations team. So that's kind of my takeaway here. I think the event was, was, was good. It was not, it wasn't oversubscribed. I think people in, in Boston this time of year at the beach, um, whereas last 2019, you know, it was June. And so you get, you had a, a bigger attendance, but that's kind of my takeaway. Anything you'd add to that, Geoff, >>I think the quality has been here. Yeah. Um, you know, maybe not the quantity the quality has certainly been here. Um, I think, you know, there is, uh, a lot of innovation that's happening in the security industry. I think AWS has got some good products that they they're helping deliver, but as you said, they're there to help us support us and, and the other ISVs to really come together and build our best of breed overall solution that helps our customers and solve some of that complexity that you're seeing. And some of that uncertainty you're seeing is who has to solve what problem in the stack. Yeah. >>Well, thanks for that. Thanks for that. Thanks for help me wrap up here. The, the security space remains one that's highly fragmented, highly complex, you know, lack of talent is, is the, the problem that most organizations have. Lena Smart of MongoDB doesn't have that problem nor does AWS, I guess cuz they're AWS and, and Mongo. Uh, but that's a wrap here from, from day two, the cube. Go to thecube.net. You'll see all these videos, youtube.com/siliconangle. If you want, you know, the YouTube link. Yeah. You can go there. 
siliconangle.com is where we publish all the, the news of the day. wikibon.com for, for the research. This is Dave Vellante. Look for John Furrier from Monica at, uh, the, the crypto event, uh, all this week. And we will see you next time. Thanks for watching.